CVE-2019-11417

Name of the Vulnerable Software and Affected Versions TRENDnet TV-IP110WN camera version 1.2.2 build 28, 64, 65, and 68

Description The system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow issue due to an inadequate source-length check before a strcpy operation in the respondAsp function. This can be exploited by attackers using the languse parameter with a long string.

Recommendations For version 1.2.2 build 28, avoid using the languse parameter with long strings until a fix is available. For version 1.2.2 build 64, restrict access to the system.cgi to minimize the risk of exploitation. For version 1.2.2 build 65, consider disabling the respondAsp function as a temporary workaround. For version 1.2.2 build 68, limit the input length for the languse parameter to prevent buffer overflow.